package endpoints

import (
	"arbeitszeitmessung/helper"
	"arbeitszeitmessung/models"
	"arbeitszeitmessung/templates"
	"log"
	"net/http"
	"strconv"
	"time"

	"github.com/alexedwards/scs/v2"
)

var Session *scs.SessionManager

func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
	Session = scs.New()
	Session.Lifetime = lifetime
	return Session
}

func LoginHandler(w http.ResponseWriter, r *http.Request) {
	switch r.Method {
	case http.MethodGet:
		showLoginPage(w, r, false)
		break
	case http.MethodPost:
		loginUser(w, r)
		break
	default:
		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
		break
	}
}

func UserHandler(w http.ResponseWriter, r *http.Request) {
	helper.RequiresLogin(Session, w, r)
	switch r.Method {
	case http.MethodGet:
		showUserPage(w, r, 0)
		break
	case http.MethodPost:
		changePassword(w, r)
		break
	default:
		http.Error(w, "Method not allowed!", http.StatusMethodNotAllowed)
		break
	}
}

func showLoginPage(w http.ResponseWriter, r *http.Request, failed bool) {
	templates.LoginPage(failed).Render(r.Context(), w)
}

func loginUser(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	if err != nil {
		log.Println("Error parsing form!", err)
		http.Error(w, "Internal error", http.StatusBadRequest)
		return
	}
	_personal_nummer := r.FormValue("personal_nummer")
	if _personal_nummer == "" {
		log.Println("No personal_nummer provided!")
		http.Error(w, "No personal_nummer provided", http.StatusBadRequest)
		return
	}
	personal_nummer, err := strconv.Atoi(_personal_nummer)
	if err != nil {
		log.Println("Cannot parse personal nubmer!")
		http.Error(w, "Cannot parse number", http.StatusBadRequest)
		return
	}

	user, err := (*models.User).GetByPersonalNummer(nil, personal_nummer)
	if err != nil {
		log.Println("No user found under this personal number!")
		http.Error(w, "No user found!", http.StatusNotFound)
	}

	password := r.FormValue("password")
	if user.Login(password) {
		log.Printf("New succesfull user login from %s %s!\n", user.Vorname, user.Name)
		Session.Put(r.Context(), "user", user.PersonalNummer)
		http.Redirect(w, r, "/time", http.StatusSeeOther) //with this browser always uses GET
	} else {
		showLoginPage(w, r, true)
		return
	}
	showLoginPage(w, r, false)
	return
}

// change user password and store salted hash in db
func changePassword(w http.ResponseWriter, r *http.Request) {
	err := r.ParseForm()
	if err != nil {
		log.Println("Error parsing form!", err)
		http.Error(w, "Error parsing form error", http.StatusBadRequest)
		return
	}
	password := r.FormValue("password")
	newPassword := r.FormValue("new_password")
	if password == "" || newPassword == "" || newPassword != r.FormValue("new_password_repeat") {
		showUserPage(w, r, http.StatusBadRequest)
		return
	}
	user, err := (*models.User).GetByPersonalNummer(nil, Session.GetInt(r.Context(), "user"))
	if err != nil {
		log.Println("Error getting user!", err)
		showUserPage(w, r, http.StatusBadRequest)
	}
	auth, err := user.ChangePass(password, newPassword)
	if err != nil {
		log.Println("Error when changing password!", err)
	}
	if auth {
		showUserPage(w, r, http.StatusOK)
		return
	}
	showUserPage(w, r, http.StatusUnauthorized)
}

func showUserPage(w http.ResponseWriter, r *http.Request, status int) {
	templates.UserPage(status).Render(r.Context(), w)
	return
}